Welcome to Open Carnage

A resource for Halo 1 modding and tech, with unique means of rewarding individual content creation and support. Have a wander to see why we're worth the time! EST. 2012

Tucker933

Hackers hold 7 million Dropbox passwords ransom

23 posts in this topic

 


 

Hackers are threatening a major breach in Dropbox security, having claimed to have stolen the login details of almost 7 million users, and promising to release more password details if they're paid a Bitcoin ransom.

 

However, Dropbox has denied it has been hacked, saying the passwords were stolen from third-party services.

 

An entry on Pastebin, posted on October 13 at 4:10 p.m. CDT, shows a list of 400 emails and matching plain text passwords, claimed to be part of a large-scale Dropbox hack.

 

The login details for the 400 email addresses, each one starting with the letter B, have been labelled as a "first teaser...just to get things going". The perpetrators are also promising to release more details if they're paid for the information.

 

It is unclear how the account details were accessed and, indeed, whether or not they are actually legitimate. However, the hackers claim to have accessed details from 6,937,081 individual accounts and are threatening to release photos, videos and other files.

 

"More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear."

 

However, a Dropbox spokesperson has denied the hack:

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well."

Despite this, The Next Web reports that Dropbox has forced a password reset for the accounts listed in the Pastebin post.

 

Regardless of the veracity of the hackers' claims, it is probably worthwhile changing your password until the full scope of the problem becomes clear. As an added security measure, Dropbox also offers two-factor authentication which can be easily accessed on the security settings page, and completed in a couple of minutes.

 

If one thing can be learnt from the alleged breach, it's that passwords should consist of more than two letters, and should probably not contain your own name.

 

Source


They'll just pull this again if they get paid. Also, people need to stop using the same password for everything, unless they don't care if other people use their account.

 

Also, it's not "hacking" if someone uses your account because they correctly guessed your password because you're a dumbass.

Edited by 002

This isn't really even a problem that should be directed to Dropbox. People should understand that using the same easy-to-guess password on multiple sites is a bad thing.


um...sure it's possible that you can guess your friend's account for X service because you know his password for Y service, but we're talking about 7 million accounts here.  I rrrrreeeeally don't think they sat there and guessed that many account passwords...so how is that relevant?



um...sure it's possible that you can guess your friend's account for X service because you know his password for Y service, but we're talking about 7 million accounts here.  I rrrrreeeeally don't think they sat there and guessed that many account passwords...so how is that relevant?

"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts."

 

I really wasn't talking about guessing passwords specifically. They could have been brute forced, or taken using a keylogger.

 

What's relevant is that they didn't actually get them from Dropbox.


I only stopped using the same password for multiple places once I started to use a proper password manager. I also use 2-factor authentication on some services like Dropbox, so even if someone had my password I'd probably still be fine.


I recently started changing my passwords to some complicated string of letters and numbers. Just did my DB account just in case...

That doesn't help anything when most passwords are stolen by getting them from hacked databases or through third party applications that sell the information to people like the Russian Business Network. Having a way overly complicated password is useless. Once you have something moderately complex, you're fine from brute force attacks or dictionary attacks.

